Banner

Key Insights Blog

Read the latest insights from our experts on GRC and risk management.

Top 5 Customer Concerns Around Managing Access Risk - Part 1

Posted by Ed Davis on 22 May 2013
Ed Davis

Here at Turnkey Consulting in Australia, we speak to many customers about their concerns with managing access risks in their SAP system.

Over the next 5 weeks, I will discuss the top 5 most commonly raised concerns that our customers have, and how GRC Access Control can address these. In summary, the issues are:

  1. Improper access to systems that may lead to loss from fraud or error
  2. Emergency access to systems, without the proper controls and auditability
  3. Reactive and fragmented approach to managing risk resulting in recurring audit issues
  4. Lack of visibility for management
  5. Excessive time and cost of audit

Improper access to systems that may lead to loss from fraud or error

We all know that most audits will uncover some Segregation of Duties (SoD) issues. If left unattended, excessive or conflicting access will most likely lead to loss due to fraud or error. An example of an error occurred when a user at our client, a global energy company, was authorised to run a poorly coded report, which ran for hours filling up critical tables which caused a system outage and prevented the payroll from running. An industrial relations dispute was narrowly avoided, as workers were not paid on time.

A recent example fraud occurred when a payroll officer at Australian whitegoods retailer Clive Peeters who had “full access” to their accounting systems stole $20m by altering EFT details and directing funds to her own bank account. This brought their share price down 95% and spelled the end of the company.

Both of the above scenarios could have been easily prevented by using Access Control to detect and prevent both SoD conflicts, and access to sensitive transactions. In our experience, clients have typically reduced their SoD violations by around 80% within first 3-6 months of implementing AC.

We would love to hear your thoughts. Please leave a comment.

We can let you know when we have a new blog - subscribe here

* We respect your privacy and personal data. By submitting your details and downloading our document you are accepting Turnkey Consulting's privacy policy which can be found here.

Turnkey_KeyviewsPage-1

For a 3 minute Introduction to Turnkey Consulting, Download Our 18 Page Flipboard Guide

Download